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Remarks 

I. Introduction 

This is in response to the Office Action dated November 17, 2004. The 
Office Action rejected claims 1-24 under 35 U.S.C, §102(a) as being anticipated 
over U.S. Patent No. 6,154,775 to Coss et al. (Coss). Claims 1 1 and 23 were 
rejected under 35 U.S.C. §1 03(a) as being unpatentable over Coss in view of 
U.S. Patent No. 6,498,782 to Branstad et al. (Branstad). 

The Abstract has been amended in response to the objection to the 
Specification. 

In response to the §102 and §103 rejections, Applicants have amended 
claims 1-24. Claims 1-24 remain for consideration. 

II. Rejections under 35 U.S.C. §102 

Claims 1-24 were rejected under 35 U.S.C. §1 02(a) as being anticipated 
over Coss. In order for a claim to be anticipated under 35 U.S.C. §102, each 
and every limitation of the claim must be found either expressly or inherently in a 
single prior art reference. PIN/NIP. Inc. v. Platte Chem. Co. . 304 F.3d 1235, 
1243 (Fed. Cir. 2002). In the present case, Coss does not show each and every 
limitation of claims 1-4, 6-9, and 14-29. Therefore, Applicants request the 
withdrawal of the rejection under 35 U.S.C. §1 02(b). 

The present invention is generally directed to a method and system for 
monitoring traffic in a data communication network. Coss is directed to a firewall 
that can support multiple security policies, multiple users, or multiple security 
policies as well as multiple users, by applying any one of several distinct sets of 
access rules for a given packet. For the reasons discussed below, Coss does 
not anticipate the presently claimed invention under the strict §102 standard as 
set forth above. 

Independent claim 1 is directed to a method for monitoring traffic in a 
network. Claim 1, as amended, contains the steps of: 
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Amendments to the Drawings 

Replacement drawing sheets are being submitted herewith. 
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receiving at least one data packet at a network interface, 
said network interface comprising: 

a) a first module handling communications 
between the network and a host, and 

b) at least one programmable processing 
module in communication with said first module; 
and 

processing information in the at least one data packet 
using the at least one programmable processing module to 
generate network information. 

Thus, the claim requires a first module handling communications between 
the network and a host and one or more programmable processing modules 
generating network information from the processing of one or more data packets. 

Coss does not disclose each and every element of claim 1 and therefore 
claim 1 is not anticipated under 35 U.S.C. §1 02(a). Coss discloses, in the 
Summary, techniques for implementing computer network firewalls so as to 
improve processing efficiency, improve security, increase access rule flexibility, 
and enhance the ability of a firewall to deal with complex protocols. In the 
Background, Coss discloses that "techniques known as packet filtering, effected 
at a network processor component known as a firewall, have been developed 
and commercialized." Coss further discloses, in col. 6, lines 21-25, that the 
firewall examines the applicable rules to ascertain whether the packet may pass. 
Coss also discloses, in col. 2, lines 33-36, that a "computer network firewall may 
make use of dynamic rules ... for processing packets." Coss also discloses, in 
col. 5, lines 42-59, stateful packet filtering - caching rule processing results for 
received packets and then utilizing the cached results to bypass rule processing 
for subsequent similar packets. The cache can include a session key, the 
number of the applicable rule, and statistical information. 

Thus, Coss determines whether to transmit a packet through the filter 
based on one or more rules. Coss discloses a firewall that determines whether a 
packet may pass and, when the determination is positive, the output of the 
firewall is the packet itself. Coss does not, however, disclose a programmable 
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processing module in communication with a first module for generating network 
information. As shown in Coss's Fig. 4, the "statistics" generated by the stateful 
packet filtering relates to the number of packets passed or dropped according to 
a particular rule. Coss does not, however, disclose a programmable processing 
module generating network information. 

Further, Coss discloses one module (i.e., the firewall) performing the 
filtering. As a result, Coss does not disclose a first module handling 
communications between the network and a host and a programmable 
processing module in communication with the first module to generate network 
information. These distinctions render Coss unable to anticipate claim 1 under 
§102. 

Independent claim 13 is allowable for reasons similar to those described 
above in connection with claim 1. In particular, claim 13 is an apparatus for 
monitoring traffic in a network. Claim 13, as amended, contains the limitations of: 

a network interface receiving at least one data packet, 
said network interface comprising: 

(a) a first module handling communications between the 
network and a host, and 

(b) at least one programmable processing block in 
communication with the first module and processing 
information in the at least one data packet to generate network 
information. 

Thus, the claim requires a network interface receiving one or more data 
packets and having a first module handling communications between the network 
and a host and at least one programmable processing module generating 
network information from the processing of one or more data packets. For the 
reasons described above, Coss does not disclose a programmable processing 
module for generating network information. Moreover, Coss does not disclose a 
first module handling communications between the network and a host and 
communicating with the programmable processing module. Thus, Coss does not 
anticipate each and every limitation of claim 13. 
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For the reasons discussed above, independent claims 1 and 13 are 
allowable over Coss. Dependent claims 2-12 and 14-24 depend upon an 
allowable independent claim and are therefore also allowable. In addition, these 
dependent claims add additional patentable subject matter and are also 
allowable for the reasons discussed below. 

Dependent claims 3 and 15 contain the limitation that the at least one 
programmable processing module is generated from a processing query 
expressed in a high-level language. Coss discloses, in col. 4, lines 20-26, using 
an asterisk (*) for wild card entries in a table corresponding to the access rules of 
the firewall. As described above, Coss does not disclose a programmable 
processing module for generating network information. Therefore, Coss does not 
disclose generating one or more programmable processing modules from a 
processing query expressed in a high level language. Therefore, dependent 
claims 3 and 15 are allowable for the reasons discussed above in connection 
with claims 1 and 13, respectively. 

Dependent claims 4 and 16 contain the limitation that the processing 
query accesses functions defined in the first module. Coss discloses, in col. 8, 
lines 35-40, that dynamic rules can be loaded at any time and are included in the 
access rules. Coss does not, however, disclose having a processing query 
accessing functions defined in the first module. Therefore, dependent claims 4 
and 16 are allowable for the reasons discussed above in connection with claims 
1 and 13, respectively. 

Dependent claims 9 and 21 contain the limitation that the first module can 
pass parameters to the at least one processing module, thereby changing the 
processing performed by the at least one processing module. Coss discloses, in 
col. 8, lines 28-40, that dynamic rules allow a given rule set to be modified based 
on events happening in the network without requiring that the entire rule set be 
reloaded. Thus, Coss discloses changing a rule without an entire rule set having 
to be reloaded. Coss does not, however, disclose parameters being passed to a 
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processing module to change the processing performed by the processing 
module. Therefore, dependent claims 9 and 21 are allowable for the reasons 
discussed above in connection with claims 1 and 13, respectively. 

Dependent claims 10 and 22 contain the limitation that the first module 
can instantiate new processing modules dynamically. Coss does not disclose 
any instantiation and therefore does not disclose instantiating new processing 
modules dynamically. Therefore, dependent claims 10 and 22 are allowable for 
the reasons discussed above in connection with claims 1 and 13, respectively. 

Dependent claims 2, 5-8, 12-14, 17-20, and 24 are allowable for the 
reasons stated above and because they depend from an independent claim. 

III. Rejections under 35 U.S.C. §103 

Claims 11 and 23 were rejected under 35 U.S.C. §103(a) as being 
unpatentable over Coss in view of U.S. Patent No. 6,498,782 to Branstad et al. 
(Branstad). None of the cited references, either alone or in combination, disclose 
Applicants' invention. 

As described above, Coss requires a network interface receiving one or 
more data packets and having a first module handling communications between 
the network and a host and at least one programmable processing module 
generating network information from the processing of one or more data packets. 
For the reasons described above, Coss does not disclose a programmable 
processing module for generating network information. Moreover, Coss does not 
disclose a first module handling communications between the network and a host 
and communicating with the programmable processing module. Thus, Coss 
does not disclose the limitations of independent claims 1 and 13, respectively. 

Dependent claims 1 1 and 23 contain the limitation that the network is a 
Gigabit Ethernet network. As the Office Action admits, Coss does not disclose 
the limitations of claims 1 1 and 23. 

Branstad fails to cure the deficiencies of Coss. Branstad is directed to a 
Gigabit Ethernet communications adapter for implementing communications in a 
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communications network. Branstad discloses, at col. 2, lines 42 - 47, a 
transmission queue that can be subdivided into multiple priority queues and a 
transmission rate being set for each transmission queue. Branstad does not, 
however, disclose a programmable processing module for generating network 
information. In particular, Branstad does not disclose generation of any type of 
network information. Moreover, Branstad does not disclose a first module 
handling communications between the network and a host and communicating 
with the programmable processing module. 

Further, Branstad is focused on communications methods and Gigabit 
Ethernet communications adapter providing quality of service and receiver 
connection speed differentiation. Branstad does not disclose a firewall. Further, 
Coss does not disclose a communications adapter. Therefore, there is no 
motivation to combine Branstad with Coss. 

Dependent claims 1 1 and 23 are allowable for the reasons stated above 
and because they depend from an independent claim. As such, Applicants 
request withdrawal of the §1 03 rejection with respect to these claims. 

IV. Conclusion ( 

For the reasons discussed above, all pending claims are allowable over 
the cited art. Reconsideration and allowance of all claims is respectfully 
requested. 
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